Frequently Asked Question

Does PCI DSS apply to paper with cardholder data (for example, receipts, reports, etc.)?

Yes, PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted on or by any media, including paper records. PCI DSS Requirement 9 specifically addresses the safeguarding of physical media, including paper records, containing cardholder data.

Note: The specific sub requirement number(s) and terminology may vary depending on the version of the standard being used.

Last updated: August 2022
Originally published: April 2012
Article Number: 1069

Featured FAQ Articles